- Computing Services

Tools

 

Manage your Groups

 

HomeToolsUnix overview → Unix groups

Unix groups

Unix groups are used to share files with other users at the University. By default all users at Bath with an account have storage space allocated to them on the central fileserver - their home directory or H drive. Access to your home directory is via the H:\ drive on campus workstations, PCs, Public Access PCs etc or by logging into one of our general purpose Unix machines.

Everyone is a member of at least one group - their default group. Each file or directory on the central fileserver is associated with one group. This is usually referred to as group membership and group ownerships, respectively. That is, users are in groups and files are owned by a group.

Groups are used for general file sharing - if you are in the same group you have the ability to share files with other members of the group. A common use of groups at Bath is to provide write access to departmental web pages.

As mentioned above - all users are a member of one group, their default group, however you can be a member of up to 16 groups in total.

Group management

Managing groups requires some action by the user. Groups can be submitted for creation by using the form on the right. Submissions need to be approved before they take effect on the main systems. If you submit a group creation request you will be the administrator of the group. If you don't want this responsibility don't create the group. Groups other than default groups can be managed via a simple web interface. Login and you will be presented with the groups you are an administrator for and the groups you are a member of. Your default group is excluded from this list.

File and directory ownership

All files or directories are owned by the user creating them. In addition to being owned by a user, each file or directory is also owned by a group. It is important to have group ownership correct, if you ever want to share files with your group. This is especially important if a number of people are responsible for the content of a particular file or group of files such as departmental web files. It is important to note that group ownership does not imply group access, you must set the file access permissions so your group can use the files. Permissions can be set to restrict the type of access that group members have to your directories and files. You can use different Unix groups to share files with separate sets of users.

File and directory permissions

Just setting up a file to be owned by a group does not give your group any access to the file. Granting and limiting access is done by setting the permission modes. You can see the permission modes as a set of 10 letters or dashes in the long listing of a file or directory using the ls -l command

Unix commands for working with Groups

Examples

Use the groups command to see which groups you belong to:

amos [~] $ groups 
ccs info-cc bath05

The first group which is listed is your default group. This may be the only group you are a member of.

Use the ls command to list the files in a directory

amos [~] $ > ls -l
	 
  drwxr-xr-x   2 abc123   bath05          512 Dec  4  2002 Desktop
  drwxr-xr-x   2 abc123   bath05          512 Jul 23  2003 Libproxy
  -rwxr--r--   1 abc123   info-cc     179712 May 18  2004  Log book.doc
  drwxr-xr-x   3 abc123   bath05          512 Nov  9  2004 Macromedia
  drwx------   2 abc123   bath05          512 May 20  1998 Mail
  -rw-------   1 abc123   bath05        37207 Aug 23  2000 Mailbox
  drwxr-xr-x   2 abc123   bath05          512 Apr 22 16:55 New Folder
  -rwxr--r--   1 abc123   bath05          600 Sep 29 13:43 PUTTY.RND
  drwx------   4 abc123   bath05          512 Oct  6  2004 Profiles_Do_Not_Delete

The permissions, owners and groups associated with the files are shown using this command.

Use the chmod command to set permission modes for selected directories and files. In general, you need to set at least read and execute permissions for the directories and read permissions for the files.

The command syntax to enable all members of a group to read some file is:

chmod g+r filename
where filename is the name of the file you want to share. The file is now readable to the group associated with the file filename.

You can recurse this to to make sure a directory and all its files and sub-directories are owned by the correct group.

chmod -R g+r dirname
where dirname is the name of the directory that contains the files you want to share.

The chmod command can also be used to allow members of a group to put files in a directory. The owner of the directory can open a directory for shared writing with the command:

chmod g=swrx dirname
where dirname is the name of the directory you want to members of your group to create files in. The "s" is the group set-ID setting, which means all new files in this group will be owner by the user putting them there, but the group ownership will be set to match the group of the directory, not the current group of the owner. This is the recommended way to keep all the group ownerships correct.

Use the chgrp command to change group ownership of a directory or file. You need to use this command to share files with users who are in the same UNIX group as you, when that group is not your primary group.

 chgrp groupname filename
where groupname is the name of the group with which you would like to share a file named filename.

 The chmod command determines the type of access that group members may have to a file or directory, the chgrp command determines which group may access that file or directory.

In all cases the man commands are essential reading for all these commands: